Hi,

Sandy Harris wrote:
>Tarapia Tapioco wrote:
>>A possible implementation looks like this:
>>...
>>
>>* Linux/KAME's IKE daemon racoon is patched to attempt retrieval of an
>> RSA key from said DNS repository and generate appropriate security
>> policies.
>>
>>Cleaner solution, but more work probably.
>
>Why would you use racoon? FreeS/WAN's Pluto is available, under GPL,
>already does OE, and works with 2.6 kernel IPsec (though I'm not
>certain if patches are needed for that). Wouldn't it be a better
>starting point?

I have to take a look at this. Using racoon was my first idea because it seems to be the "official" Linux thing these days and is portable to the *BSDs, too. It's probably only the NIH syndrome at work. Also, using pluto suffers from the general FreeS/WAN problem of not allowing contributions from USAians. Anyway, thanks for the reminder - while the project is still at the "half-assed idea tossing" state, hacking FreeS/WAN should still be an option.